Diffstat (limited to 'cpp/src')
-rw-r--r--cpp/src/Ice/Makefile2
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSLClient.cpp6
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSLServer.cpp6
-rw-r--r--cpp/src/Ice/SslContextOpenSSL.cpp159
-rw-r--r--cpp/src/Ice/SslContextOpenSSL.h5
-rw-r--r--cpp/src/Ice/ice.dsp4
6 files changed, 67 insertions, 115 deletions
diff --git a/cpp/src/Ice/Makefile b/cpp/src/Ice/Makefile
index 82fbc03b8b5..980a492671a 100644
--- a/cpp/src/Ice/Makefile
+++ b/cpp/src/Ice/Makefile
@@ -155,7 +155,7 @@ clean::
$(HDIR)/Communicator.h Communicator.cpp: $(SDIR)/Communicator.ice $(SLICE2CPP)
rm -f $(HDIR)/Communicator.h Communicator.cpp
- $(SLICECMD) $(SDIR)/Communicator.ice
+ $(SLICECMD) -DICE_CPP $(SDIR)/Communicator.ice
mv Communicator.h $(HDIR)
clean::
diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
index eb2b70af6cf..040d6cb0a27 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
@@ -307,12 +307,14 @@ IceSSL::OpenSSL::ClientConnection::write(Buffer& buf, int timeout)
}
case SSL_ERROR_WANT_READ:
- {
+ {
+ // TODO: Probably don't need this - remove later if not needed.
+
// If we get this error here, it HAS to be because
// the protocol wants to do something handshake related.
// In the case that we might actually get some application data,
// we will use the base SSL read method, using the _inBuffer.
- readSSL(_inBuffer, timeout);
+ // readSSL(_inBuffer, timeout);
continue;
}
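Review bot: With `readSSL(_inBuffer, timeout)` commented out, the `SSL_ERROR_WANT_READ` case in `ClientConnection::write` goes straight to `continue`, so the write is retried without first waiting for the socket to become readable. The enclosing loop lies outside the hunk, but if nothing else in it blocks, a peer that stalls during handshake traffic could keep this thread spinning, and `timeout` is never applied on this path. The comment block above the disabled call still says the base SSL read method will be used, which is no longer true. Either wait for readability bounded by `timeout` before retrying, or delete the disabled call and replace the TODO with a comment that states what bounds the retry, e.g. `// WANT_READ during write: retry; bounded by <mechanism that enforces timeout>`.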
diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
index 1dcea25d049..96392f0e551 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
@@ -54,7 +54,9 @@ IceSSL::OpenSSL::ServerConnection::ServerConnection(
SSL* connection,
const IceSSL::SystemInternalPtr& system) :
Connection(traceLevels, logger, certificateVerifier, connection, system)
-{
+{
+ assert(_sslConnection != 0);
+
// Set the Accept Connection state for this connection.
SSL_set_accept_state(_sslConnection);
}
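Review bot: The `assert(_sslConnection != 0);` added in this constructor is the only null check, and it disappears when the library is built with `NDEBUG`, so a release build still hands a null `SSL*` to `SSL_set_accept_state`. The same pattern is added in `ServerConnection::init`, `Context::loadCertificateAuthority`, `Context::checkKeyCert`, `Context::addKeyCert` and `Context::createSSLConnection`. In `createSSLConnection` it guards the result of `SSL_new`, which can fail at run time (on allocation failure, for instance) and is not a programming error. There a thrown error would match how the rest of the file reports OpenSSL failures: `if (sslConnection == 0) { IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__); contextEx._message = "Unable to create SSL connection."; throw contextEx; }`.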
@@ -72,6 +74,8 @@ IceSSL::OpenSSL::ServerConnection::shutdown()
int
IceSSL::OpenSSL::ServerConnection::init(int timeout)
{
+ assert(_sslConnection != 0);
+
int retCode = SSL_is_init_finished(_sslConnection);
while (!retCode)
diff --git a/cpp/src/Ice/SslContextOpenSSL.cpp b/cpp/src/Ice/SslContextOpenSSL.cpp
index 6366c10a5b2..84d5af75b14 100644
--- a/cpp/src/Ice/SslContextOpenSSL.cpp
+++ b/cpp/src/Ice/SslContextOpenSSL.cpp
@@ -229,6 +229,8 @@ IceSSL::OpenSSL::Context::createContext(SslProtocol sslProtocol)
void
IceSSL::OpenSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth)
{
+ assert(_sslContext != 0);
+
std::string fileName = certAuth.getCAFileName();
std::string certPath = certAuth.getCAPath();
@@ -311,8 +313,34 @@ IceSSL::OpenSSL::Context::setKeyCert(const CertificateDesc& certDesc,
}
void
+IceSSL::OpenSSL::Context::checkKeyCert()
+{
+ assert(_sslContext != 0);
+
+ // Check to see if the Private and Public keys that have been
+ // set against the SSL context match up.
+ if (!SSL_CTX_check_private_key(_sslContext))
+ {
+ IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
+
+ contextEx._message = "Private key does not match the certificate public key.";
+ std::string sslError = sslGetErrors();
+
+ if (!sslError.empty())
+ {
+ contextEx._message += "\n";
+ contextEx._message += sslError;
+ }
+
+ throw contextEx;
+ }
+}
+
+void
IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const CertificateFile& publicCert)
{
+ assert(_sslContext != 0);
+
if (!publicCert.getFileName().empty())
{
std::string publicCertFile = publicCert.getFileName();
@@ -360,48 +388,13 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce
throw contextEx;
}
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(_sslContext))
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Private key does not match the certificate public key.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
-
- throw contextEx;
- }
+ checkKeyCert();
}
}
-//
-// TODO: Merge base functionality of addKeyCert()'s so they call a base.
-//
-
void
-IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey)
+IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair)
{
- Ice::ByteSeq privKey = privateKey;
-
- if (privKey.empty())
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate.");
- }
-
- privKey = publicKey;
- }
-
- // Make a key pair based on the Base64 encoded strings
- RSAKeyPair keyPair(privKey, publicKey);
-
// Janitors to ensure that everything gets cleaned up properly
RSAJanitor rsaJanitor(keyPair.getRSAPrivateKey());
X509Janitor x509Janitor(keyPair.getX509PublicKey());
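Review bot: `addKeyCert(const RSAKeyPair&)` wraps the handles from `keyPair.getRSAPrivateKey()` and `keyPair.getX509PublicKey()` in janitors, although the key pair now belongs to the caller, and neither this definition nor the header declaration says who owns those handles. If the getters return the pair's own pointers rather than new references, a janitor that frees on an exception path would leave the caller's `RSAKeyPair` pointing at freed key material; that cannot be confirmed from the hunk. A comment on the declaration would settle it, for example `// keyPair is borrowed; the getters return new references that the janitors release on failure`, adjusted to what the getters actually do. The function body continues past this hunk.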
@@ -444,29 +437,13 @@ IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::
rsaJanitor.clear();
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(_sslContext))
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Private key does not match the certificate public key.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
-
- throw contextEx;
- }
+ checkKeyCert();
}
void
-IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::string& publicKey)
+IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey)
{
- std::string privKey = privateKey;
+ Ice::ByteSeq privKey = privateKey;
if (privKey.empty())
{
@@ -478,74 +455,38 @@ IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::s
privKey = publicKey;
}
- // Make a key pair based on the Base64 encoded strings
+ // Make a key pair based on the DER encoded byte sequences.
RSAKeyPair keyPair(privKey, publicKey);
- // Janitors to ensure that everything gets cleaned up properly
- RSAJanitor rsaJanitor(keyPair.getRSAPrivateKey());
- X509Janitor x509Janitor(keyPair.getX509PublicKey());
-
- // Set which Public Key file to use.
- if (SSL_CTX_use_certificate(_sslContext, x509Janitor.get()) <= 0)
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Unable to set certificate from memory.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
-
- throw contextEx;
- }
+ addKeyCert(keyPair);
+}
- x509Janitor.clear();
+void
+IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::string& publicKey)
+{
+ std::string privKey = privateKey;
- // Set which Private Key file to use.
- if (SSL_CTX_use_RSAPrivateKey(_sslContext, rsaJanitor.get()) <= 0)
+ if (privKey.empty())
{
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Unable to set private key from memory.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate.");
}
- throw contextEx;
+ privKey = publicKey;
}
- rsaJanitor.clear();
-
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(_sslContext))
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Private key does not match the certificate public key.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
+ // Make a key pair based on the Base64 encoded strings.
+ RSAKeyPair keyPair(privKey, publicKey);
- throw contextEx;
- }
+ addKeyCert(keyPair);
}
SSL*
IceSSL::OpenSSL::Context::createSSLConnection(int socket)
{
SSL* sslConnection = SSL_new(_sslContext);
+ assert(sslConnection != 0);
SSL_clear(sslConnection);
@@ -557,7 +498,7 @@ IceSSL::OpenSSL::Context::createSSLConnection(int socket)
void
IceSSL::OpenSSL::Context::connectionSetup(const ConnectionPtr& connection)
{
- // Set the Post-Hanshake Read timeout
+ // Set the Post-Handshake Read timeout
// This timeout is implemented once on the first read after hanshake.
int handshakeReadTimeout;
std::string value = _properties->getProperty(_handshakeTimeoutProperty);
diff --git a/cpp/src/Ice/SslContextOpenSSL.h b/cpp/src/Ice/SslContextOpenSSL.h
index de26f046987..a0b9071ad87 100644
--- a/cpp/src/Ice/SslContextOpenSSL.h
+++ b/cpp/src/Ice/SslContextOpenSSL.h
@@ -39,6 +39,7 @@ namespace OpenSSL
{
class System;
+class RSAKeyPair;
class Context : public IceUtil::Shared
{
@@ -73,8 +74,12 @@ protected:
void setKeyCert(const IceSSL::CertificateDesc&, const std::string&, const std::string&);
+ void checkKeyCert();
+
void addKeyCert(const IceSSL::CertificateFile&, const IceSSL::CertificateFile&);
+ void addKeyCert(const RSAKeyPair&);
+
void addKeyCert(const Ice::ByteSeq&, const Ice::ByteSeq&);
void addKeyCert(const std::string&, const std::string&);
diff --git a/cpp/src/Ice/ice.dsp b/cpp/src/Ice/ice.dsp
index f1082b469a6..44b4e7db441 100644
--- a/cpp/src/Ice/ice.dsp
+++ b/cpp/src/Ice/ice.dsp
@@ -1189,7 +1189,7 @@ InputPath=..\..\slice\Ice\Communicator.ice
BuildCmds= \
set PATH=%PATH%;..\..\lib \
- ..\..\bin\slice2cpp.exe --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
+ ..\..\bin\slice2cpp.exe -DICE_CPP --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
move Communicator.h ..\..\include\Ice \
@@ -1208,7 +1208,7 @@ InputPath=..\..\slice\Ice\Communicator.ice
BuildCmds= \
set PATH=%PATH%;..\..\lib \
- ..\..\bin\slice2cpp.exe --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
+ ..\..\bin\slice2cpp.exe -DICE_CPP --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
move Communicator.h ..\..\include\Ice \